The publishers thought for years that it was too risky to let authors put
books online but they are gradually learning that this isn't so. Putting a
book online often increases its sales; more people read it and those who
find it useful often go buy a copy.

Funny how that works with media, isn't it? Newspapers are free to read on-line. Do they blame lack of income on that? Hell no, they probably make more money on ads that didn't cost ink and paper to print!

If we were concerned about artists, you'd put all their music online--eliminating album profits to them and labels--and pay to see the live shows. That's where they make all their money anyway.

Poor tech authors often sign anything that's in front of them to get their books out. Which means they don't make squat on the sales plus the publisher hikes the price up so that they turn a good profit. Ever bought Duda, Hart & Stork's Pattern Classification [amazon.com]? Good luck, $100 for a six year old book!? Give me the black and white Asian release that's illegally sold on eBay for $10. Yet it remains a standard in the field.

You don't believe me that authors sign outrageous contracts? Well, this poor man had to beg to get his work online. Sounds like he didn't sign a contract that left him creative and absolute control over the distribution of this work.

Yet if they don't get it into print, it can't be used in a classroom setting. What a terrible system (hail capitalism). To all artists, authors and producers of media, please cut out the middle men that make it nearly impossible for me to afford your beautiful works and more or less cheat you out of money in a highway robbery-like scam.

Printed word was an amazing invention because it posed a method to mechanically copy texts and ideas and get them out to people. The internet allows you to do that for nearly free... use it!

Sounds like he didn't sign a contract that left him creative and absolute control over the distribution of this work.

Who woulda thunk it... he signs a contract to get a company to publish and distribute his work, and doesn't retain absolute control? If he wanted complete control, he would have self-published. There are pros and cons of both, and to rip the publishing industry for a perfectly reasonable contract term is ridiculous. As self-publishing becomes more and more feasible given the internet, these restrictions will change. This is a sign of that change, and you should celebrate Wiley rather than lambast them.

Yet if they don't get it into print, it can't be used in a classroom setting. What a terrible system (hail capitalism).

What an imbecilic troll. The problem isn't capitalism, it's the inherent nature of a bureaucratic system -- it's resistant to change (for good reason -- there are lots of crappy ideas out there). This depends not at all on what kind of socioeconomic system is in place, and capitalism may indeed offer better opportunities for authors (do you think an autocratic economic system would enhance the ability of authors to get their material accepted in the classroom?).

Please note, I am not a free market idealist. I am also not an apologist for the publishing industry, and their treatment of authors. However, you severely misrepresent the fact that publishers such as Wiley do indeed provide services to authors, and to the public. (Editing, fact-checking, vetting, advertising, marketing, etc).

Disclaimer: I work in magazine publishing, which is an entirely different kettle of fish. I do, however, deal with book authors on a frequent basis, both self-published and thos epublished by major imprints.

Who woulda thunk it... he signs a contract to get a company to publish and distribute his work, and doesn't retain absolute control? If he wanted complete control, he would have self-published.

Shouldn't he still maintain the copyright though? The contract should only affect the print distribution, I would think he should still be able to distribute through other channels how he sees fit, as it's his words, not the publishing company's....I say this having no idea what the boilerplate contract looks like i

Dunno about Wiley, but my wife publishes popular fiction and her contacts give the rights to the publisher even though the work is copyrighted to her. There is a clause in the contract, however, something to the effect that 6 years after the publication date, she can petition to get the rights transfferred to her. But that might be particular to her publisher

IOW, even though she is the copyright holder, she can't redistribute the content in any form per the contract.

Sure. But the author has signed away their right to publish independently, normally it's an exclusive license. Book publishers include prohibition of publishing online because they've traditionally seen online publishing in direct competition with their print publishing.

Your sentiment makes sense, but I have to agree with the GP. I think people miss some key points here:

1) The ethical (not legal - the contracts settle that) question up until this point has been whether the publishing company has a right to restrict distribution through other channels. It's not a hard case to make on the publishers' side: Until recently, there was little reason to expect that free distribution would make print sales go up, and the data on that remain unclear. So, as a publisher, why wouldn't you want to resist other distribution models?

2) If I read TFA properly, it appears that the text being distributed is the text that was edited, copy edited, etc. by Wiley. As far as I'm concerned, that gives Wiley just as much moral claim to the work as the author. People underestimate the amount of time and effort that goes into the editing process. Writers, by and large, are not good writers. So why should they always retain copyrights?

Disclaimer: I've edited for a newspaper in the past, and I'm currently an editor for an undergraduate journal, so I'm pretty obviously biased against authors-above-all types. Mod appropriately.

Look man, it's capitalism that drives the men to charge money for doing nothing. I'm not an idealist either way and enjoy many benefits from capitalism. It's just strange how much capitalism hurts academia. In intellectual property, publishing and copywriting everything. Literally everything.

Please argue with me next time instead of just calling names. Sheesh.

do you think an autocratic economic system would enhance the ability of au

I didn't mean to call you an imbecilic troll... rather that that particular statement was imbecilic and trollish "(hail capitalism)"? Maybe it's because I'm used to seeing more well-thought out posts from you, that I hold you to a higher standard than a lot of the frequent posters on slashdot... sorry for over-reacting.

It's just strange how much capitalism hurts academia.

I have to disagree with that. There's a reason unis prefer to review texts from reputable publishers, and those publishers do in fact

it is important to note that all the services that publishers provide to authors... are essentially provided to musical artists by record companies. I'll argue any day that just about everything you can say about an author, you can say about a musician... with very little editing to make it fit properly...It was already stated in the comments here that concert tours actually barely break even.... they are not fountains of money like the mistaken public seems to believe. However, the equivalent for an auth

I disagree with your statement that people don't buy music that they download. I argue that people learn which music they like buy sampling it (taping in my generation) at an age they can't afford much... and buy it later when they can. Most of my music collection is CDs of stuff I have LPs and infringing tapes of.

For music, you have to hear it to like it. I've bought many a book on the basis of the title alone - never for music.

I agree that you have to hear it, but that is what samples are for. You can also hear the music on the radio.Plenty of people buy books based on the cover. Most also read the dust jackets. Some rely on reviews. And yes, there are indeed people who will read the entire book before they buy it. Some will sit in Borders or a library to do this.

However.

As I said, if you get a copy of a book from a friend, you don't run to the photocopier to make yourself another book. You don;t scan it into your computer

Performers frequently moan about never seeing a royalty check from their record label, no matter how many discs they sell. But a top concert draw can take home 35% of the night's gate and up to 50% of the dollar flow from merchandise sold at the show. The labels get none of it.

"The top 10% of artists make money selling records. The rest go on tour," says Scott Welch, who manages singers Alanis Morissette and LeAnn Rimes.

I've got a friend who used to work for a small boutique publisher, and I can tell you that publishers are an author's best friend. Without them the author's works would go nowhere. Fine, change the business model to distribute freely online, but as far as increasing sales of books, those books have to fome from somewhere.

I just don't get the 'cut the middleman' mentality. What exactly do you think the publishers aren't contributing that the authors could do themselves? Are you expecting authors to employ and manage editors, designers, printers, pr and marketing people, advertisers, a nation-wide system of sales reps, sales managers, shipping companies, and so on? Or are you suggesting that these roles aren't necessary? That's the same thing as saying that books should only be digital from here on out. The attitide that the authors should 'just get a loan' to fund these activities is hogwash since the only people who could get a loan of that magnitude for an unpublished manuscript are already established authors, and even then it would be iffy. Then people suggest that authors should just publish online and screw printed materials, but for most applications like textbooks that doesn't really work for the consumer--wouldn't you rather just have a book than having to print it out yourself, which could easily cost as much in ink and paper as a bound book would, while being more irritating? Also, e-book technology still sucks. Besides, the author would still need to employ the editing, pr, marketing & advertising people anyway, because if you don't know about a book, why would you buy it? The fact is, people happily pay for advertising because the return on investment is huge.

Wouldn't it be great if there was a company that had the capital to invest like a bank, but also the expertise to cull the few good manuscripts from the staggering pile of crappy ones, then print and market and distribute these works? Wait, that would be a publisher.

I acknowledge that in some specific cases self-publishing directly to the internet might be a good business plan. But to suggest that we abandon dead trees in most cases misunderstands the market. You said it yourself, "...if they don't get it into print, it can't be used in a classroom setting." Sure, good chunks of fat could be trimmed from the publishing world, but name one industry where this isn't true? I just think that the 'middle man' is necessary to the process.

Sorry, OP. I realize that most of my rant doesn't even apply to your main points. I just don't think the middle man is all that useless in most cases.

The book wouldn't exist in the first place without the middleman. To say that they are not serving the author's interests is not true; the author had the choice not to sign the contract with the publisher. Contract negotiations are a give and take; the author both got something and had something taken away. Your interests are irrelevant to this business decision except as part of a potential market, and if the publisher thinks they can't make money in that potential market, they won't try. You may not l

Yes, it would. Strangely enough, books were written before "publishers" were invented.

To say that they are not serving the author's interests is not true; the author had the choice not to sign the contract with the publisher. Contract negotiations are a give and take; the author both got something and had something taken away.

Contracts do not always "serve" both party's interests. As in the case of the author's previous work no longer being pu

As the author of some free, online textbooks, I actually agree with a lot of your points. However, I think they're overstated. My books have actually been reasonably successful without signing on with a publisher. I've had adoptions from 13 other schools besides my own. POD companies like lulu.com have made it pretty trivial to take care of production and distribution. Advertising also isn't rocket science. I designed my own ads, and ran them in a trade magazine (The Physics Teacher). A lot of the money tha

I'm really glad to see that you were able to self-publish successfully. Not all authors have such a mind for business in addition to their more creative talents. Your point about POD is a really good one, but it still doesn't solve the editing and marketing problems. Maybe the reps visiting schools is an example of a serious fat-trimming opportunity, but there's still more to marketing than a few ads and badgering teachers. Textbooks might be a bad example for this, but don't you suppose that going with

Textbooks might be a bad example for this, but don't you suppose that going with a traditional publisher might seriously increase your market share?
Sure. In fact, I got a nibble out of the blue recently from a publisher, and it's possible that they'll end up taking over publishing one of my books, while still letting it be free online. But note that it happened in the reverse of the traditional order: first I published it and got a bunch of adoptions, and then a publisher showed some interest. It's an ex

So why don't more people use systems like Lulu.com [lulu.com] that allow users to create their own content, sell it online, or even get it bound as real books on demand? Why do they need to get involved in huge publishing deals?

It seems that even just building a blog and syndicating some Google ads down the side would make as much money for the same readership as publishing a book.

What I want to know is if this guy supports the "change your server passwords every 90 days" crap. There are about 30 passwords that I need to remember for different servers here and the admins think that it's more secure to make the passwords change every 90 days, requiring the people to write down the passwords because they can't keep remembering them. To me, it seems like a much more secure idea to change the passwords when a person who knows one of the passwords leaves. If you wait for the 90 days to

I guess the problem is, is that somebody could bruteforce your password if you never changed it. Changing it that often means that they won't have time to brute force it before it changes. Although, I think that if you're going to do something like this, you should just have an RSA token or something for logging in. Makes it easier for the people who should have access to log in, without having to remember 30 different passwords that change every 90 days.

The possibility of brute force is not an argument for changing passwords frequently, unless you catch someone trying to brute force it and change it to one they've already tried. Brute force relies on the statistical likelihood of guessing the password before the reason you want access goes away. Changing the password every 90 days has no bearing on the likelihood of it being guessed in a certain amount of time, unless what you change it to has a probability of being guessed of less than what it was by virtue of the brute force method employed.

The best thing to do is to change your password anytime there is a good chance that someone who should not know it does know it. That includes an employee leaving, evidence of an unauthorized access that could have been attained by having the password (possibly discovered by brute force or by other methods), theft of the business card you wrote it down on, etc. But it does not include the mere possibility that someone could guess it - changing the password has no real bearing on their chances of guessing correctly, unless it was something insanely simple before and changed to something reasonable.

Ahem. As an admin myself I would like to throw a few ideas in there. 1) When I had a job where I wasn't in control (not admin, just support) and I didn't particulary fancy the admin staff, I brute forced my way into admin, had they changed it every 90 days it wouldn't have been worth the effort more than once or in particulary needed times. As it was, they appeared to agree with you, which in turn guaranteed me admin access from brute force methods until I ended my employment there (and gave the adm

And...5) Someone gets a copy of your password file (or SAM or wherever your hashed passwords are kept). If you change your passwords occasionally then they only have a limited time to run brute force methods against the file. Once you change your passwords you are safe again. Don't change your passwords and eventually they will own your entire organization. You won't even know it happened until it's too late. It's a less likely scenario these days but it is still a valid attack vector. Once that file

thanks for the input, the thing people have to know here though is that these are UNIX systems, they are behind a firewall, so you must be on our networks to even ping them (yes, I know there are so many backdoors to that), but if you fail 3 times, the account gets locked out and I have to call my admin to have him reset it. If this happens often, they can easily look at the audit logs and find out where all of these failure attempts are coming from. Brute force could take you over 50 years if you could o

You contradict yourself here. First you say changing the passwords would make a brute force attack less desirable since the password would only be valid in a limited timeframe, then you say changing passwords will likely be ineffective when the system is already breached.It's just a nitpick, really, I agree with your main points. Note though, that passwords, especially with enforced complexity, are more difficult to remember than a phone number (did you ever forget how you mixed the case on your phone numbe

#1. Putting the password in your wallet is taking a less secure process (written password) and encasing it in a more secure container (your wallet).

#2. Change the login process to lock out the account for 15 minutes after 3 failed login attempts. That way, less random passwords can be used (and easily remembered). As long as there is a real person monitoring the logs and watching for attacks so that action can be taken.

#3. If it is something that can be cracked off-line (secret message), store the really long password on a USB key or something. Then put that key in your wallet (#1).

OK, when I wrote that at first I was serious but now I can see why it is funny. The whole thing is that you run sha1sum or md5sum to verify that your download is accurate. If this were a software download, we would want to see the hash to make sure the file wasn't tampered with. Considering this book is called "Security Engineering," it's kind of a joke that you would want to verify the source files to make sure they weren't tampered with, since I doubt a virus can be embedded into a PDF file. It's also iro

"Ross Anderson, author of 'Security Enginnering', notifies in a message to comp.risks that he just got permission from Wiley to let anyone download the full content of his book for free. This is one of the best books on computer security and it is used as textbook in many University courses (I teach two of them)."

Pff. If the author of one of the best books on computer security can't even spell "engineering"---in the title of his book---then we need some better books!

Yes, and for those that are interested in propagating good security measures in their engineering feats should take a look a 2FA (2 factor authentication) architecture as a solution. There are many companies that offer this but one of the easiest to get going with from personal experience is the folks at http://www.cryptocard.com/ [cryptocard.com] . Beats using passwords and is easy to migrate from RSA key auth to this.